Closed Bug 619994 Opened 14 years ago Closed 14 years ago

Bugzilla is vulnerable to stored cross site scripting

Categories

(Bugzilla :: Attachments & Requests, defect)

x86
All
defect
Not set
critical

RESOLVED DUPLICATE of bug 38862

People

(Reporter: swatejkumar, Unassigned)


Attachments

(1 file)

User-Agent:       Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; .NET4.0C; .NET4.0E; .NET CLR 3.5.30729)
Build Identifier: 

Bugzilla is vulnerable to stored cross site scripting.
An attacker can exploit stored XSS to steal a user's session cookie, deface the website, distribute malware on the user's machine, etc.

For more info please refer:
http://www.owasp.org/index.php/Cross-site_Scripting_%28XSS%29 



Reproducible: Always

Steps to Reproduce:
1. Log in to Bugzilla in Internet Explorer.
2. File a bug.
3. Create an attachment test.png with the following contents:
<script>alert('Xssed')</script>
Now save this file as test.png and file type=all files.

4. Now upload this test.png as an attachment.

5. Go to the attachment and click on Details.

6. Observe that JavaScript is executing and an alert box is displayed saying XSSed (as written in test.png).


Expected Results:  
Attacker-injected JavaScript was executed in the victim user's browser.
Please note that this issue can be reproduced only when you are browsing bugzilla.mozilla.org in Internet Explorer.

There is nothing confidential about this bug, and also very little dangerous. Attachments are served on a different domain that does not have access to this domain at all.

This is a duplicate of bug 554121 and bug 453425.
Group: bugzilla-security
Status: UNCONFIRMED → RESOLVED
Closed: 14 years ago
Resolution: --- → DUPLICATE
Mmm, more accurately I'd say this is a dup of bug 38862.
Flags: sec-bounty-
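
As an added example (not from this bug report or from Bugzilla's code): a server-side check for the mismatch the reproduction steps rely on, an upload declared as image/png whose bytes are not a PNG and start with markup a content-sniffing browser may render as HTML. The function names, the tag list and the 256-byte window are assumptions chosen for illustration.

```python
import re

# Every PNG file begins with this fixed 8-byte signature.
PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"

# Assumption: illustrative, non-exhaustive tags that can lead a sniffing
# browser to render a response body as HTML.
HTML_TOKENS = re.compile(
    rb"<\s*(script|html|head|body|iframe|img|svg|meta|title)\b", re.IGNORECASE
)
SNIFF_WINDOW = 256  # assumption: only the leading bytes are inspected


def classify_attachment(declared_type: str, data: bytes) -> str:
    """Return 'ok', 'mismatch', 'sniffable-html' or 'unchecked'."""
    declared = declared_type.split(";")[0].strip().lower()
    if declared != "image/png":
        return "unchecked"  # this sketch only covers the PNG case
    if data.startswith(PNG_SIGNATURE):
        return "ok"
    if HTML_TOKENS.search(data[:SNIFF_WINDOW]):
        return "sniffable-html"
    return "mismatch"


def response_headers(declared_type: str, data: bytes, filename: str) -> dict:
    """Serve inline only when the bytes match the declared type."""
    verdict = classify_attachment(declared_type, data)
    # Keep CR/LF, quotes and backslashes out of the header value.
    safe_name = re.sub(r'[\r\n"\\]', "_", filename)
    headers = {"X-Content-Type-Options": "nosniff"}
    if verdict == "ok":
        headers["Content-Type"] = declared_type
        headers["Content-Disposition"] = f'inline; filename="{safe_name}"'
    else:
        # Force a download with a generic type instead of rendering.
        headers["Content-Type"] = "application/octet-stream"
        headers["Content-Disposition"] = f'attachment; filename="{safe_name}"'
    return headers


if __name__ == "__main__":
    # Constructed sample: the test.png body from the steps to reproduce.
    sample = b"<script>alert('Xssed')</script>"
    print(classify_attachment("image/png", sample))
    print(response_headers("image/png", sample, "test.png"))
```

The X-Content-Type-Options header only helps in browsers that honour it, so serving attachments from a separate domain, as described in the comments above, remains the isolation boundary.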